package com.spring.demo.spring_boot.config;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.annotation.web.servlet.configuration.EnableWebMvcSecurity;

import com.spring.demo.spring_boot.CustomAuthenticationProvider;

/**
 * 
 * @author 王辉阳
 * @date 2017年8月15日 上午11:54:46
 * @description 重写配置，使用自己的UserDetailsService来作为认证的provider
 */
@Configuration
@EnableWebMvcSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class SecurityConfig extends WebSecurityConfigurerAdapter {
	@Autowired
	private CustomAuthenticationProvider customAuthenticationProvider;

	@Override
	protected void configure(AuthenticationManagerBuilder auth) throws Exception {
		auth.authenticationProvider(customAuthenticationProvider);
	}

	/**
	 * 配置请求访问的限制
	 */
	@Override
	protected void configure(HttpSecurity http) throws Exception {
		http.authorizeRequests().//
				antMatchers("/admin/**").permitAll().
				// access("hasRole('ROLE_ADMIN')").//
				antMatchers("/super/**").access("hasRole('ROLE_ADMIN') or hasRole('ROLE_SUPER')").//
				and().formLogin();
	}

}